skill-lookup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to retrieve, present, and save full file contents (including scripts and config files) verbatim, which could require emitting any secret values embedded in those files and thus enables secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill calls the prompts.chat MCP server (search_skills / get_skill) to fetch entire skill packages and file contents (SKILL.md, scripts, docs) authored by external contributors, meaning the agent ingests untrusted, user-generated third-party content as part of its workflow.